Search code examples
djangopostgresqlamazon-rdsamazon-vpcpython-zappa

Can't connect to RDS Postgres locally after setting up NAT instance


I am working on a Django project that uses Zappa to host a serverless app on Lambda. It uses a Postgres database on the back and I've been able to use it flawlessly for some time. Recently I needed to use urllib, and so I needed a NAT instance (EC2 micro instance) to allow Lambda to access the internet.

Now that it's set up, it works fine on production, I can see my site fine and all the pieces interact correctly. However, locally, Django can't seem to connect, it gets this error:

django.db.utils.OperationalError: could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "XXXXXXXXX.XXXXXXXXX.us-west-2.rds.amazonaws.com" (54.70.245.158) and accepting TCP/IP connections on port 5432?

To outline the steps I've gone through, I created a VPC network with private and public subnets through the wizard. I added 2 more private subnets in other zones for availability. I went to my Lambda function and changed the subnets to the new subnets and I also moved my RDS to the same subnets (private ones). For my RDS, I created a new security group for Postgres (port 5432 inbound with source 0.0.0.0/0).

My settings.py under Django remains the same:

DATABASES = {
    # AMAZON RDS Instance
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'XXXXXXXXX',
        'USER': 'XXXXXXXXX',
        'PASSWORD': 'XXXXXXXXX',
        'HOST': 'XXXXXXXXXX.XXXXXXXXXX.us-west-2.rds.amazonaws.com',
        'PORT': '5432',
    }
}

I'm not sure where to go from here. I can honestly say this is out of my comfort zone and I don't know what I'm doing. My suspicion is there's something I need to do with the security group, but I'm in over my head and would really appreciate some help. Thanks!


Solution

  • After some fiddling, I realize that I was over complicating things. The RDS should remain on the subnets it launched with, there is no need to bring it over to the same subnets as the NAT instance. Once I moved it back to the original subnets, it functioned fine both locally and in production.